package com.example.auth.config;

import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
@Slf4j
public class WebSecurityConfig {

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity httpSecurity){
//        ServerBearerTokenAuthenticationConverter bearerTokenAuthenticationConverter = new ServerBearerTokenAuthenticationConverter();
//        bearerTokenAuthenticationConverter.setAllowUriQueryParameter(true);
//        httpSecurity
//                .authorizeExchange()
//                .matchers(EndpointRequest.toAnyEndpoint()).permitAll()
//                .anyExchange().authenticated().and()
//                .formLogin().disable()
//                .httpBasic().disable()
//                .csrf().disable()
//                .logout().disable()
//                .oauth2ResourceServer()
//                .bearerTokenConverter(bearerTokenAuthenticationConverter)
//                .jwt();
        httpSecurity.authorizeExchange().pathMatchers("/api/auth/**").permitAll()
                .and()
                .csrf().disable();
        return httpSecurity.build();
    }


}
